Malware Biodiversity Using Static Analysis

Communications in Computer and Information Science (2015)

Abstract
Malware is constantly changing and is released very rapidly, as it must be to remain effective in the changing computer landscape. Some malware files can be related to each other; studies that indicate that malware samples are similar often base that determination on common behavior or code. Given, then, that new malware is often developed based on existing malware, we can see that some code fragments, behavior, and techniques may be influencing more development than others. We propose a method by which we can determine the extent to which previously released malware is influencing the development of new malware. Our method allows us to examine the way that malware changes over time, allowing us to look at trends in the changing malware landscape. This method, which involves a historical study of malware, can then be extended to investigate specific behaviors or code fragments. Our method shows that, with respect to the way in which we compared malware samples, over 64% of the malware samples that we analyzed are contributing to the biodiversity of the malware ecosystem and influencing new malware development.
Keywords
Cosine Similarity, Discovery Date, Infection Technique, Biodiversity Calculation, Biodiversity Curve